To ensure that your website is securely running it needs to have https enabled. This short tutorial will list steps necessary to secure NGINX server with a free Class 1 certificate from StartSSL.


1. You have a server running NGINX
2. You have already setup free account with StartSSL
3. You have validated your domain with StartSSL

Prep Work:

Download the StartSSL CA Certificate using wget:

Download the StartSSL Intermediate CA Certificate using wget:

Create a unified CA Certificate file:
cat >> ca.pem


Private key and Website Certificate

Use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server.

My naming convention:
Private key:

Then execute the following steps:

Decrypt the private key by using the password you entered when you created your key:
openssl rsa -in -out

Secure your key:
chmod 600

Create a single file containing your signed certificate and the StartSSL CA certificates for Nginx:

cat ca.pem >

Configure your nginx server to use the new key and certificate (in the global settings or a server section):

ssl on;
ssl_certificate /etc/nginx/conf/;
ssl_certificate_key /etc/nginx/conf/;

Reload nginx config or restart the service.
And you’re done!

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × two =

This site uses Akismet to reduce spam. Learn how your comment data is processed.